Intermapper Application for Splunk Answers Need for Log Analytics in Network Management

You may not have noticed, but log analytics has become table stakes for network management toolsets.

Last year, Enterprise Management Associates surveyed network managers about the data sources that have become important to engineering and operations tasks. Log files consistently scored higher than anything else, including flow data, packet analysis, and SNMP metrics. Fifty-nine percent of enterprises use log files for sustained network availability and performance monitoring, and 65% use log files for network troubleshooting. When EMA asked these network managers to identify network management product features that add significant value to operations, 54% selected log file analysis. Log analysis was valued more than any other product feature we asked them about, including customizable reporting and application awareness.

With these numbers in mind, it’s good to see that Fortra has integrated its Intermapper network mapping and monitoring software with leading log analytics vendor Splunk. While network device metrics and traffic flow data can tip off network managers to the presence and location of a network problem, log files often contain information about the cause of the problem, whether it’s an interface failure or a sloppy configuration change. However, finding the right log file isn’t always easy.

Intermapper has its own log search function, but Intermapper is obviously not a log analytics tool. Its search is not very speedy or targeted, and the volume of data in logs can get out of hand, given the sheer volume of data in a log file repository. Also, network managers who turn to logs often don’t know what to look for. Anything that can help narrow that search is valuable.

With the Intermapper application for Splunk, achieved through a web services API, Intermapper sends its network monitoring and topology data in the form of log files into the Splunk system. Splunk presents this data as an embedded Intermapper map that resembles the interface on the Intermapper console.

From within Splunk, administrators can open up the Intermapper application and immediately see a map of the network overlaid with device statuses and alerts. From here, the administrator can right click on a device on the map and pull up a dashboard that shows them a summary of all the alerts for that device. Then the admininstrator can click on an alert and find all the device log files associated with that alert, immediately finding the problem that triggered the event.

Splunk’s strength is in high-powered searches and analysis of vast data stores. Intermapper’s strength is in mapping and monitoring network health and performance. The combination of the two helps network administrators rapidly narrow their searches for relevant data.

Given the demand for log file analysis that EMA has observed from network managers, we are pleased to see this integration from Intermapper. Network managers who are interested in leveraging log data for network monitoring and troubleshooting should evaluate the Intermapper application for Splunk to determine whether it meets their requirements.